Thursday, March 3, 2022

How to store Terraform state file in Azure Storage | How to manage Terraform state in Azure Blob Storage

One of the amazing features of Terraform is, it tracks the infrastructure that you provision. It does this through the means of state. By default, Terraform stores state locally in a file named terraform.tfstate. This does not work well in a team environment where if any developer wants to make a change he needs to make sure nobody else is updating terraform in the same time. You need to use remote storage to store state file.

With remote state, Terraform writes the state data to a remote data store, which can then be shared between all members of a team. Terraform supports storing state in many ways including the below:

  • Terraform Cloud
  • HashiCorp Consul
  • Amazon S3
  • Azure Blob Storage
  • Google Cloud Storage
  • Alibaba Cloud OSS
  • Artifactory or Nexus 

We will learn how to store state file in Azure Blob storage. We will be creating Azure storage account and container.

Watch the steps in YouTube Channel:



Configure remote state remote storage account

Before you use Azure Storage as a backend, you must create a storage account. We will create using shell script:

# Create resource group
az group create --name $RESOURCE_GROUP_NAME --location eastus
# Create storage account
az storage account create --resource-group $RESOURCE_GROUP_NAME --name $STORAGE_ACCOUNT_NAME --sku Standard_LRS --encryption-services blob
# Create blob container
az storage container create --name $CONTAINER_NAME --account-name $STORAGE_ACCOUNT_NAME

This should have created resource group, storage account and container.

Configure terraform backend state 

To configure the backend state, you need the following Azure storage information:

    • storage_account_name: The name of the Azure Storage account.
    • container_name: The name of the blob container.
    • key: The name of the state store file to be created.
    • access_key: The storage access key.
    Create file

    terraform {
    required_providers {
    azurerm = {
    source = "hashicorp/azurerm"
    version = "=2.63.0"
    backend "azurerm" {
    resource_group_name = "tfstate"
    storage_account_name = "<storage_acct_name>"
    container_name = "tfstate"
    key = "terraform.tfstate"

    provider "azurerm" {
    features {}

    resource "azurerm_resource_group" "demo-rg" {
    name = "demo-rg"
    location = "eastus"

    terraform init

    terraform apply 

    and type yes

    This should have created backend file called terraform.tfstate in a container inside azure storage.

    You can view remote state file info:

    This is how you can store terraform state information remotely. 

    No comments:

    Post a Comment